White Paper – Security Questions

This “white paper” was created to present to several clients of mine. I’m posting it to my blog so that it can be reviewed and maybe raise some questions as to how you handle your home and business information.

Do you allow users to surf MySpace, Facebook, or similar sites? How do you know?

“Over 90 percent of the Webpages that are spreading Trojan horses and spyware are legitimate sites, some belonging to household brands and Fortune 500 companies, Sophos reports. Most have been hacked through SQL injection.” – source: Sophos.com

“Cross-site scripting

AJAX also increases the possibility of so-called cross-site scripting flaws, which occur when the site developer doesn’t properly code pages, experts said. An attacker can exploit this type of vulnerability to hijack user accounts, launch information-stealing phishing scams or even download malicious code onto users’ computers, experts have said. Big-name Web companies such as Microsoft, eBay, Yahoo and Google have all experienced cross-site scripting flaws on their Web sites.” – source: Cnet.com

How much is your data worth if it gets into the hands of a competitor or criminal?

There is some evidence that cyber criminals are now specifically targeting laptop users, encouraged to do so by the finding that corporate laptops hold an average $525,000 worth of sensitive data. – source: Bahn, October 2007

Company Email and Consistency

Do your workers use their personal Yahoo or AOL accounts for email?

Do you want your clients to form an image of your company from potentially suggestive email addresses? (e.g., cutiegirl69@yahoo.com)

What will you do if a lawsuit and discovery injunction requires that you be able to provide all communications?